RLM_PERL Integration Issue

FreeRadius-ML freeradius at zap2link.com
Tue Jul 17 20:09:40 CEST 2007 

Ok,

  Here's what I did:

1. I've removed all the rlm_perl configurations from the radiusd.conf file, and 
   enabled the digest authentication back.
2. I've added to my users file the following lines:

101 at 192.168.2.80 Auth-Type := Digest, User-Password == "101"
        Reply-Message = "Authenticated"

102 at 192.168.2.80 Auth-Type := Digest, User-Password == "102"
        Reply-Message = "Authenticated"

test at 192.168.2.80 Auth-Type := Digest, User-Password == "test"
        Reply-Message = "Authenticated"


  Now, when I try to authorize on FreeRadius, i'm getting the following:

modcall: entering group authenticate for request 1
rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication.
  modcall[authenticate]: module "digest" returns invalid for request 1
modcall: leaving group authenticate (returns invalid) for request 1


  I'm using version 1.1.7pre3

Z2L
----- Original Message -----
From: "Alan DeKok" <aland at deployingradius.com>
To: freeradius at zap2link.com, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: 20:59:53 (GMT+0200) Asia/Jerusalem יום שלישי 17 יולי 2007
Subject: Re: RLM_PERL Integration Issue

FreeRadius-ML wrote:
>   Well, the perl script is currently setup to return OK on every request. 

  Which won't work for digest authentication.  Please see the "sterman"
draft distributed in doc/rfc/

> I had enabled the perl section in the authentication part of the configuration,
> I'm not that dimwitted. 

  That's nice.  Enabling it is one thing.  Telling the server to *use*
it is another.

>   Essentially, I need to work with rlm_perl because I don't want to use user
> flat files or an SQL, as my end target is to authenticate to some propietary system
> that we've developed here. 

  Then you're doing it wrong.

  List the "digest" module in "authorize" and "authenticate".  Then,
have the perl authorize function set Cleartext-Password, as suggested in
the FAQ.  Once that's done, you don't *need* a Perl "authenticate" function.

  As I said a few messages ago:

  1) Get digest working

  2) Get Perl working

  You're still insisting on trying to do both at once.  That's why it
isn't working.

  Alan DeKok.

More information about the Freeradius-Users mailing list